Add unique index on documents.source_url to fix slow uniqueness valid… (#246)

* Add unique index on documents.source_url to fix slow uniqueness validation

The uniqueness validation on source_url was doing a full table scan on every
document save. This adds a partial unique index excluding NULL and empty
string values, matching the `if: -> { source_url.present? }` condition.

Made-with: Cursor

* Update dependencies in Gemfile and Gemfile.lock to address security vulnerabilities

- Added 'nokogiri' version 1.19.1 to fix GHSA-wx95-c6cv-8532 and CVE-2026-22860, CVE-2026-25500.
- Updated 'rack' to version 3.1.20 for improved security and compatibility.

* Update Ruby version to 3.3.8 in .ruby-version, Gemfile, and GitHub Actions workflow

- Updated Ruby version from 3.2.2 to 3.3.8 in .ruby-version and Gemfile for compatibility.
- Adjusted GitHub Actions workflow to use the new Ruby version for CI/CD processes.
- Updated Gemfile.lock to reflect the new Ruby version.

Author: vswamidass-sfdc

.github/workflows/rubyonrails.yml

@@ -49,7 +49,7 @@ jobs:
       - name: Install Ruby and gems
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: '3.2.2'
+          ruby-version: '3.3.8'
           bundler-cache: true
       # Add or replace any other lints here
       - name: Security audit dependencies

.ruby-version

@@ -1 +1 @@
-3.2.2
+3.3.8

Gemfile

@@ -3,7 +3,7 @@
 source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
-ruby '3.2.2'
+ruby '3.3.8'
 
 # Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
 gem 'rails', '~> 7.2.0'
@@ -94,6 +94,10 @@ gem 'httparty', '>= 0.24.0'
 # Security: Fix CVE-2026-25765 (SSRF vulnerability)
 gem 'faraday', '>= 2.14.1', '< 3.0'
 
+# Security: Fix GHSA-wx95-c6cv-8532 (nokogiri), CVE-2026-22860, CVE-2026-25500 (rack)
+gem 'nokogiri', '>= 1.19.1'
+gem 'rack', '~> 3.1.20'
+
 # Markdown renderer
 gem 'redcarpet'
 

Gemfile.lock

@@ -265,11 +265,11 @@ GEM
       net-protocol
     nio4r (2.7.4)
     nkf (0.2.0)
-    nokogiri (1.18.9-arm64-darwin)
+    nokogiri (1.19.1-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.9-x86_64-darwin)
+    nokogiri (1.19.1-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.9-x86_64-linux-gnu)
+    nokogiri (1.19.1-x86_64-linux-gnu)
       racc (~> 1.4)
     nori (2.7.1)
       bigdecimal
@@ -322,7 +322,7 @@ GEM
     pundit (2.5.0)
       activesupport (>= 3.0.0)
     racc (1.8.1)
-    rack (3.1.18)
+    rack (3.1.20)
     rack-cors (3.0.0)
       logger
       rack (>= 3.0.14)
@@ -536,6 +536,7 @@ PLATFORMS
   arm64-darwin-24
   arm64-darwin-25
   x86_64-darwin-22
+  x86_64-darwin-25
   x86_64-linux
 
 DEPENDENCIES
@@ -559,6 +560,7 @@ DEPENDENCIES
   jbuilder
   kaminari
   neighbor
+  nokogiri (>= 1.19.1)
   omniauth-google-oauth2
   optparse
   pager_duty-connection
@@ -567,6 +569,7 @@ DEPENDENCIES
   pgvector
   puma (~> 6.4)
   pundit (~> 2.3)
+  rack (~> 3.1.20)
   rack-cors
   rails (~> 7.2.0)
   rails-controller-testing
@@ -594,7 +597,7 @@ DEPENDENCIES
   websocket-client-simple
 
 RUBY VERSION
-   ruby 3.2.2p53
+   ruby 3.3.8p144
 
 BUNDLED WITH
    2.4.13

db/migrate/20260313120000_add_index_to_documents_source_url.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class AddIndexToDocumentsSourceUrl < ActiveRecord::Migration[7.1]
+  disable_ddl_transaction!
+
+  def change
+    remove_index :documents, :source_url, if_exists: true
+    add_index :documents, :source_url, unique: true, where: "source_url IS NOT NULL AND source_url != ''", algorithm: :concurrently
+  end
+end